Configuring Control-Plane Security
This example shows the default policers assigned to NNIs. Most protocols have no policers assigned to
NNIs. A value of 255 means that no policer is assigned to the port for the protocol.
Switch #show platform policer cpu interface gigabitethernet 0/1
Policers assigned for CPU protection
=========================================================
Feature
=========================================================
Gi0/1
STP
LACP
8021X
RSVD_STP
PVST_PLUS
CDP
DTP
UDLD
PAGP
VTP
CISCO_L2
KEEPALIVE
SWITCH_MAC
SWITCH_ROUTER_MAC
SWITCH_IGMP
SWITCH_L2PT
Configuring Control-Plane Security
CPU policers are pre-allocated. You can configure only the rate-limiting threshold. The configured
threshold applies to all protocols and all UNIs.
Note
During normal Layer 2 operation, you cannot ping the switch through a UNI. This restriction does not
apply to NNIs. See the
Beginning in privileged EXEC mode, follow these steps to set the threshold rate for CPU protection:
Command
Step 1
configure terminal
Step 2
policer cpu uni rate
Step 3
end
Step 4
show policer cpu uni rate
Step 5
copy running-config startup-config
To return to the default threshold rate, use the no policer cpu uni global configuration command.
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
29-4
Policer
Index
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
"Using Ping" section on page 36-10
Purpose
Enter global configuration mode.
Configure the CPU protection policing threshold rate. The range is
from 8000 to 409500 bits per second (bps). The default, if none is
configured, is 160000 bps.
Return to privileged EXEC mode.
Verify the configured CPU policer rate.
(Optional) Save your entries in the configuration file.
Chapter 29
Configuring Control-Plane Security
Physical
Policer
255
255
255
255
255
255
255
255
255
255
255
255
255
255
255
255
for ways to enable ping in a test situation.
78-17058-01